Meta, the owner of Facebook, has been hit with a hefty fine of €1.2 billion (£1 billion) by the Data Protection Commission in Ireland for mishandling users’ data during transfers between Europe and the United States.
This marks the largest penalty imposed under the European Union’s General Data Protection Regulation (GDPR) privacy law. The GDPR mandates that companies must obtain individuals’ consent before utilizing their personal information.
Meta, expressing its disagreement with the ruling, intends to challenge it, deeming it “unjustified and unnecessary.” The crux of the matter lies in the utilization of Standard Contractual Clauses (SCCs) for transferring European data to the US.
These contractual agreements, drafted by the European Commission, incorporate safeguards to ensure the continued protection of personal data when it is transferred outside of Europe.
However, concerns have arisen that these data transfers still expose European users to the less stringent privacy laws of the US, potentially allowing access to the data by US intelligence agencies.
Numerous large companies have intricate networks of data transfers, including email addresses, phone numbers, and financial details, to recipients overseas, with many relying on SCCs.
Meta argues that the fine is unjust due to the widespread use of SCCs by other companies operating in Europe. Nick Clegg, the President of Facebook, expressed disappointment, stating, “We are therefore disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe.
This decision is flawed, unjustified, and sets a dangerous precedent for the countless other companies transferring data between the EU and the US.”
Discussion about this post